pwn 0.5.504 → 0.5.506

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 62c1bc05c91ca9fccd91e490059fdd2ca01fb402d92858f08bacae5123f7d874
-  data.tar.gz: 0636fbce91309aac818e5b805390cafebcf3538d92af18164632c320ca21cfa1
+  metadata.gz: ff5a5cd8f4d9e0ce9d23468de01cb6c0f685ed4c9541e08af39dcb05b8c50d67
+  data.tar.gz: e9afe048562d6d832972c9990a24db2b78a6d5c76e95959079ac4412e959c152
 SHA512:
-  metadata.gz: 47556a1d0032c65354d9536a4ace20309d2f958a3d832cfa29cedda089d07345b0b77dbf08c3bf5b1cbb4f67a75499b595f98be4cadd8cab00be774df8e7dee9
-  data.tar.gz: 1b7d7de1768368b94a1aa601e53e16bf59a2743b16b7070fbda38ce88ba1c0d41b66d8de1a2b926b647838aea988dbdb2423759acb91250ec1349299c949d4b7
+  metadata.gz: 30d268063617d51deeed10b035ed8566913eebf114247ea8f4d988347a447faff622105e032f103ece1a56a69145e8ade0a79a6c9b0ec183f075065ca9d25818
+  data.tar.gz: 1c8deccd120888637f7a257cd3304374caac61bb9276a6f48b7c20a68e00087a7ec952a2c823745e62aa87c720c478b99f69e367ad95151365d06f644cfd49a0

data/.rubocop.yml

@@ -18,7 +18,7 @@ Metrics/CyclomaticComplexity:
 Metrics/MethodLength:
   Max: 565
 Metrics/ModuleLength:
-  Max: 1549
+  Max: 1563
 Metrics/PerceivedComplexity:
   Max: 157
 Style/HashEachMethods:

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.504]:001 >>> PWN.help
+pwn[v0.5.506]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.504]:001 >>> PWN.help
+pwn[v0.5.506]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.504]:001 >>> PWN.help
+pwn[v0.5.506]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/burp_suite.rb

@@ -46,7 +46,7 @@ module PWN
       # Supported Method Parameters::
       # burp_obj = PWN::Plugins::BurpSuite.init_introspection_thread(
       #   burp_obj: 'required - burp_obj returned by #start method',
-      #   enumerable_array: 'required - array of items to process in the thread'
+      #   type: 'required - type of history to introspect (:sitemap, :proxy_history, :websocket_history)'
       # )
       private_class_method def self.init_introspection_thread(opts = {})
         #  if PWN::Env[:ai][:introspection] is true,
@@ -60,7 +60,12 @@ module PWN
         burp_obj = opts[:burp_obj]
         raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
 
+        valid_types = %i[proxy_history sitemap websocket_history]
+        type = opts[:type]
+        raise "ERROR: type parameter is required and must be one of: #{valid_types.join(', ')}" unless valid_types.include?(type)
+
         if PWN::Env[:ai][:introspection]
+          introspection_thread_arr = burp_obj[:introspection_threads] ||= []
           introspection_thread = Thread.new do
             system_role_content = '
               Your expertise lies in dissecting HTTP request/response pairs and WebSocket messages to identify high-impact vulnerabilities, including but not limited to XSS (reflected, stored, DOM-based), CSRF, SSRF, IDOR, open redirects, CORS misconfigurations, authentication bypasses, SQLi/NoSQLi, command/code injection, business logic flaws, race conditions, and API abuse. You prioritize zero-days and novel chains, always focusing on exploitability, impact (e.g., account takeover, data exfiltration, RCE), and reproducibility.
@@ -119,95 +124,130 @@ module PWN
               highlight_color
             end
 
-            proxy_history = []
             loop do
-              # TODO: Implement sitemap and repeater into the loop.
-              # Sitemap should work the same as proxy history.
+              # TODO: Implement repeater into the loop?  This reduces load to LLM but is slooow.
               # Repeater should analyze the reqesut/response pair and suggest
-              # modifications to the request to further probe for vulnerabilities.
-              sitemap = get_sitemap(burp_obj: burp_obj)
-              sitemap.each do |entry|
-                next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
-
-                request = entry[:request]
-                response = entry[:response]
-                host = entry[:http_service][:host]
-                port = entry[:http_service][:port]
-                protocol = entry[:http_service][:protocol]
-                next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
-
-                proxy_history_entry = nil
-                if proxy_history.any?
-                  proxy_history_entry = proxy_history.find do |proxy_entry|
-                    next unless proxy_entry.key?(:http_service) && proxy_entry.key?(:request)
-
-                    proxy_entry[:http_service][:host] == host &&
-                      proxy_entry[:http_service][:port] == port &&
-                      proxy_entry[:http_service][:protocol] == protocol &&
-                      proxy_entry[:request] == entry[:request]
+              # modifications to the request to further probe for vulnerabilities _quickly_.
+              case type
+              when :proxy_history
+                sitemap = get_sitemap(burp_obj: burp_obj)
+                proxy_history = get_proxy_history(burp_obj: burp_obj)
+                proxy_history.each do |entry|
+                  next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
+
+                  request = entry[:request]
+                  response = entry[:response]
+                  host = entry[:http_service][:host]
+                  port = entry[:http_service][:port]
+                  protocol = entry[:http_service][:protocol]
+                  next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
+
+                  # If sitemap comment and highlight color exists, use that instead of re-analyzing
+                  sitemap_entry = nil
+                  if sitemap.any?
+                    sitemap_entry = sitemap.find do |site|
+                      next unless site.key?(:http_service) && site.key?(:request)
+
+                      site[:http_service][:host] == host &&
+                        site[:http_service][:port] == port &&
+                        site[:http_service][:protocol] == protocol &&
+                        site[:request] == entry[:request]
+                    end
                   end
-                end
 
-                if proxy_history_entry.is_a?(Hash) && proxy_history_entry[:comment].length.positive?
-                  entry[:comment] = proxy_history_entry[:comment]
-                  entry[:highlight] = proxy_history_entry[:highlight]
-                else
-                  request = Base64.strict_decode64(request)
-                  response = Base64.strict_decode64(response)
-                  http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
-                  ai_analysis = PWN::AI::Introspection.reflect_on(
-                    system_role_content: system_role_content,
-                    request: http_request_response,
-                    suppress_pii_warning: true
-                  )
+                  if sitemap_entry.is_a?(Hash) && sitemap_entry[:comment].length.positive?
+                    entry[:comment] = sitemap_entry[:comment]
+                    entry[:highlight] = sitemap_entry[:highlight]
+                  else
+                    request = Base64.strict_decode64(request)
+                    response = Base64.strict_decode64(response)
 
-                  next if ai_analysis.nil? || ai_analysis.strip.empty?
+                    http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
+                    ai_analysis = PWN::AI::Introspection.reflect_on(
+                      system_role_content: system_role_content,
+                      request: http_request_response,
+                      suppress_pii_warning: true
+                    )
 
-                  entry[:comment] = ai_analysis
-                  entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
-                end
+                    next if ai_analysis.nil? || ai_analysis.strip.empty?
 
-                update_sitemap(
-                  burp_obj: burp_obj,
-                  entry: entry
-                )
-              end
+                    entry[:comment] = ai_analysis
+                    entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
+                  end
+
+                  update_proxy_history(
+                    burp_obj: burp_obj,
+                    entry: entry
+                  )
+                end
+                sleep Random.rand(30..60)
+
+              when :sitemap
+                proxy_history = get_proxy_history(burp_obj: burp_obj)
+                sitemap = get_sitemap(burp_obj: burp_obj)
+                sitemap.each do |entry|
+                  next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
+
+                  request = entry[:request]
+                  response = entry[:response]
+                  host = entry[:http_service][:host]
+                  port = entry[:http_service][:port]
+                  protocol = entry[:http_service][:protocol]
+                  next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
+
+                  proxy_history_entry = nil
+                  if proxy_history.any?
+                    proxy_history_entry = proxy_history.find do |proxy_entry|
+                      next unless proxy_entry.key?(:http_service) && proxy_entry.key?(:request)
+
+                      proxy_entry[:http_service][:host] == host &&
+                        proxy_entry[:http_service][:port] == port &&
+                        proxy_entry[:http_service][:protocol] == protocol &&
+                        proxy_entry[:request] == entry[:request]
+                    end
+                  end
 
-              proxy_history = get_proxy_history(burp_obj: burp_obj)
-              proxy_history.each do |entry|
-                next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
-
-                request = entry[:request]
-                response = entry[:response]
-                host = entry[:http_service][:host]
-                port = entry[:http_service][:port]
-                protocol = entry[:http_service][:protocol]
-                next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
-
-                # If sitemap comment and highlight color exists, use that instead of re-analyzing
-                sitemap_entry = nil
-                if sitemap.any?
-                  sitemap_entry = sitemap.find do |site|
-                    next unless site.key?(:http_service) && site.key?(:request)
-
-                    site[:http_service][:host] == host &&
-                      site[:http_service][:port] == port &&
-                      site[:http_service][:protocol] == protocol &&
-                      site[:request] == entry[:request]
+                  if proxy_history_entry.is_a?(Hash) && proxy_history_entry[:comment].length.positive?
+                    entry[:comment] = proxy_history_entry[:comment]
+                    entry[:highlight] = proxy_history_entry[:highlight]
+                  else
+                    request = Base64.strict_decode64(request)
+                    response = Base64.strict_decode64(response)
+                    http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
+                    ai_analysis = PWN::AI::Introspection.reflect_on(
+                      system_role_content: system_role_content,
+                      request: http_request_response,
+                      suppress_pii_warning: true
+                    )
+
+                    next if ai_analysis.nil? || ai_analysis.strip.empty?
+
+                    entry[:comment] = ai_analysis
+                    entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
                   end
+
+                  update_sitemap(
+                    burp_obj: burp_obj,
+                    entry: entry
+                  )
                 end
+                sleep Random.rand(60..90)
 
-                if sitemap_entry.is_a?(Hash) && sitemap_entry[:comment].length.positive?
-                  entry[:comment] = sitemap_entry[:comment]
-                  entry[:highlight] = sitemap_entry[:highlight]
-                else
-                  request = Base64.strict_decode64(request)
-                  response = Base64.strict_decode64(response)
+              when :websocket_history
+                websocket_history = get_websocket_history(burp_obj: burp_obj)
+                websocket_history.each do |entry|
+                  next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
 
-                  http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
+                  web_socket_id = entry[:web_socket_id]
+                  direction = entry[:direction]
+                  payload = entry[:payload]
+                  next if web_socket_id.nil? || direction.nil? || payload.nil?
+
+                  payload = Base64.strict_decode64(payload)
+                  websocket_req = PWN::Plugins::Char.force_utf8("WebSocket ID: #{web_socket_id}\nDirection: #{direction}\nPayload:\n#{payload}")
                   ai_analysis = PWN::AI::Introspection.reflect_on(
                     system_role_content: system_role_content,
-                    request: http_request_response,
+                    request: websocket_req,
                     suppress_pii_warning: true
                   )
 
@@ -215,43 +255,14 @@ module PWN
 
                   entry[:comment] = ai_analysis
                   entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
-                end
-
-                update_proxy_history(
-                  burp_obj: burp_obj,
-                  entry: entry
-                )
-              end
 
-              websocket_history = get_websocket_history(burp_obj: burp_obj)
-              websocket_history.each do |entry|
-                next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
-
-                web_socket_id = entry[:web_socket_id]
-                direction = entry[:direction]
-                payload = entry[:payload]
-                next if web_socket_id.nil? || direction.nil? || payload.nil?
-
-                payload = Base64.strict_decode64(payload)
-                websocket_req = PWN::Plugins::Char.force_utf8("WebSocket ID: #{web_socket_id}\nDirection: #{direction}\nPayload:\n#{payload}")
-                ai_analysis = PWN::AI::Introspection.reflect_on(
-                  system_role_content: system_role_content,
-                  request: websocket_req,
-                  suppress_pii_warning: true
-                )
-
-                next if ai_analysis.nil? || ai_analysis.strip.empty?
-
-                entry[:comment] = ai_analysis
-                entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
-
-                update_websocket_history(
-                  burp_obj: burp_obj,
-                  entry: entry
-                )
+                  update_websocket_history(
+                    burp_obj: burp_obj,
+                    entry: entry
+                  )
+                end
+                sleep Random.rand(3..10)
               end
-
-              sleep 3
             end
           rescue Errno::ECONNREFUSED
             puts 'BurpSuite AI Introspection Thread >>> Terminating API Calls...'
@@ -263,7 +274,7 @@ module PWN
             puts 'BurpSuite AI Introspection Thread >>> Goodbye.'
           end
 
-          burp_obj[:introspection_thread] = introspection_thread
+          burp_obj[:introspection_threads] = introspection_thread_arr.push(introspection_thread)
         end
 
         burp_obj
@@ -352,7 +363,9 @@ module PWN
           enabled: true
         )
 
-        init_introspection_thread(burp_obj: burp_obj)
+        burp_obj = init_introspection_thread(burp_obj: burp_obj, type: :sitemap)
+        burp_obj = init_introspection_thread(burp_obj: burp_obj, type: :proxy_history)
+        init_introspection_thread(burp_obj: burp_obj, type: :websocket_history)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
         raise e
@@ -1994,8 +2007,9 @@ module PWN
         browser_obj = burp_obj[:mitm_browser]
         rest_browser = burp_obj[:rest_browser]
         mitm_rest_api = burp_obj[:mitm_rest_api]
-        introspection_thread = burp_obj[:introspection_thread]
-        introspection_thread.kill unless introspection_thread.nil?
+        introspection_thread_arr = burp_obj[:introspection_threads]
+        introspection_thread_arr.each(&:kill) if introspection_thread_arr.is_a?(Array) && introspection_thread_arr.any?
+        # introspection_thread.kill unless introspection_thread.nil?
 
         PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
         rest_browser.post("http://#{mitm_rest_api}/shutdown", '')

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.504'
+  VERSION = '0.5.506'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.504
+  version: 0.5.506
 platform: ruby
 authors:
 - 0day Inc.